| version 1.44.2.1, 2002/03/07 17:37:46 |
version 1.44.2.2, 2002/05/17 00:03:23 |
|
|
| #include "servconf.h" |
#include "servconf.h" |
| #include "auth.h" |
#include "auth.h" |
| #include "hostfile.h" |
#include "hostfile.h" |
| |
#include "monitor_wrap.h" |
| |
#include "ssh.h" |
| |
|
| /* import */ |
/* import */ |
| extern ServerOptions options; |
extern ServerOptions options; |
|
|
| * description of the options. |
* description of the options. |
| */ |
*/ |
| |
|
| |
BIGNUM * |
| |
auth_rsa_generate_challenge(Key *key) |
| |
{ |
| |
BIGNUM *challenge; |
| |
BN_CTX *ctx; |
| |
|
| |
if ((challenge = BN_new()) == NULL) |
| |
fatal("auth_rsa_generate_challenge: BN_new() failed"); |
| |
/* Generate a random challenge. */ |
| |
BN_rand(challenge, 256, 0, 0); |
| |
if ((ctx = BN_CTX_new()) == NULL) |
| |
fatal("auth_rsa_generate_challenge: BN_CTX_new() failed"); |
| |
BN_mod(challenge, challenge, key->rsa->n, ctx); |
| |
BN_CTX_free(ctx); |
| |
|
| |
return challenge; |
| |
} |
| |
|
| |
int |
| |
auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) |
| |
{ |
| |
u_char buf[32], mdbuf[16]; |
| |
MD5_CTX md; |
| |
int len; |
| |
|
| |
/* don't allow short keys */ |
| |
if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { |
| |
error("auth_rsa_verify_response: n too small: %d bits", |
| |
BN_num_bits(key->rsa->n)); |
| |
return (0); |
| |
} |
| |
|
| |
/* The response is MD5 of decrypted challenge plus session id. */ |
| |
len = BN_num_bytes(challenge); |
| |
if (len <= 0 || len > 32) |
| |
fatal("auth_rsa_verify_response: bad challenge length %d", len); |
| |
memset(buf, 0, 32); |
| |
BN_bn2bin(challenge, buf + 32 - len); |
| |
MD5_Init(&md); |
| |
MD5_Update(&md, buf, 32); |
| |
MD5_Update(&md, session_id, 16); |
| |
MD5_Final(mdbuf, &md); |
| |
|
| |
/* Verify that the response is the original challenge. */ |
| |
if (memcmp(response, mdbuf, 16) != 0) { |
| |
/* Wrong answer. */ |
| |
return (0); |
| |
} |
| |
/* Correct answer. */ |
| |
return (1); |
| |
} |
| |
|
| /* |
/* |
| * Performs the RSA authentication challenge-response dialog with the client, |
* Performs the RSA authentication challenge-response dialog with the client, |
| * and returns true (non-zero) if the client gave the correct answer to |
* and returns true (non-zero) if the client gave the correct answer to |
|
|
| */ |
*/ |
| |
|
| int |
int |
| auth_rsa_challenge_dialog(RSA *pk) |
auth_rsa_challenge_dialog(Key *key) |
| { |
{ |
| BIGNUM *challenge, *encrypted_challenge; |
BIGNUM *challenge, *encrypted_challenge; |
| BN_CTX *ctx; |
u_char response[16]; |
| u_char buf[32], mdbuf[16], response[16]; |
int i, success; |
| MD5_CTX md; |
|
| u_int i; |
|
| int len; |
|
| |
|
| if ((encrypted_challenge = BN_new()) == NULL) |
if ((encrypted_challenge = BN_new()) == NULL) |
| fatal("auth_rsa_challenge_dialog: BN_new() failed"); |
fatal("auth_rsa_challenge_dialog: BN_new() failed"); |
| if ((challenge = BN_new()) == NULL) |
|
| fatal("auth_rsa_challenge_dialog: BN_new() failed"); |
|
| |
|
| /* Generate a random challenge. */ |
challenge = PRIVSEP(auth_rsa_generate_challenge(key)); |
| BN_rand(challenge, 256, 0, 0); |
|
| if ((ctx = BN_CTX_new()) == NULL) |
|
| fatal("auth_rsa_challenge_dialog: BN_CTX_new() failed"); |
|
| BN_mod(challenge, challenge, pk->n, ctx); |
|
| BN_CTX_free(ctx); |
|
| |
|
| /* Encrypt the challenge with the public key. */ |
/* Encrypt the challenge with the public key. */ |
| rsa_public_encrypt(encrypted_challenge, challenge, pk); |
rsa_public_encrypt(encrypted_challenge, challenge, key->rsa); |
| |
|
| /* Send the encrypted challenge to the client. */ |
/* Send the encrypted challenge to the client. */ |
| packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE); |
packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE); |
|
|
| response[i] = packet_get_char(); |
response[i] = packet_get_char(); |
| packet_check_eom(); |
packet_check_eom(); |
| |
|
| /* The response is MD5 of decrypted challenge plus session id. */ |
success = PRIVSEP(auth_rsa_verify_response(key, challenge, response)); |
| len = BN_num_bytes(challenge); |
|
| if (len <= 0 || len > 32) |
|
| fatal("auth_rsa_challenge_dialog: bad challenge length %d", len); |
|
| memset(buf, 0, 32); |
|
| BN_bn2bin(challenge, buf + 32 - len); |
|
| MD5_Init(&md); |
|
| MD5_Update(&md, buf, 32); |
|
| MD5_Update(&md, session_id, 16); |
|
| MD5_Final(mdbuf, &md); |
|
| BN_clear_free(challenge); |
BN_clear_free(challenge); |
| |
return (success); |
| /* Verify that the response is the original challenge. */ |
|
| if (memcmp(response, mdbuf, 16) != 0) { |
|
| /* Wrong answer. */ |
|
| return 0; |
|
| } |
|
| /* Correct answer. */ |
|
| return 1; |
|
| } |
} |
| |
|
| /* |
/* |
| * Performs the RSA authentication dialog with the client. This returns |
* check if there's user key matching client_n, |
| * 0 if the client could not be authenticated, and 1 if authentication was |
* return key if login is allowed, NULL otherwise |
| * successful. This may exit if there is a serious protocol violation. |
|
| */ |
*/ |
| |
|
| int |
int |
| auth_rsa(struct passwd *pw, BIGNUM *client_n) |
auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) |
| { |
{ |
| char line[8192], *file; |
char line[8192], *file; |
| int authenticated; |
int allowed = 0; |
| u_int bits; |
u_int bits; |
| FILE *f; |
FILE *f; |
| u_long linenum = 0; |
u_long linenum = 0; |
| struct stat st; |
struct stat st; |
| Key *key; |
Key *key; |
| char *fp; |
|
| |
|
| /* no user given */ |
|
| if (pw == NULL) |
|
| return 0; |
|
| |
|
| /* Temporarily use the user's uid. */ |
/* Temporarily use the user's uid. */ |
| temporarily_use_uid(pw); |
temporarily_use_uid(pw); |
| |
|
|
|
| /* Restore the privileged uid. */ |
/* Restore the privileged uid. */ |
| restore_uid(); |
restore_uid(); |
| xfree(file); |
xfree(file); |
| return 0; |
return (0); |
| } |
} |
| /* Open the file containing the authorized keys. */ |
/* Open the file containing the authorized keys. */ |
| f = fopen(file, "r"); |
f = fopen(file, "r"); |
| if (!f) { |
if (!f) { |
| /* Restore the privileged uid. */ |
/* Restore the privileged uid. */ |
| restore_uid(); |
restore_uid(); |
| packet_send_debug("Could not open %.900s for reading.", file); |
|
| packet_send_debug("If your home is on an NFS volume, it may need to be world-readable."); |
|
| xfree(file); |
xfree(file); |
| return 0; |
return (0); |
| } |
} |
| if (options.strict_modes && |
if (options.strict_modes && |
| secure_filename(f, file, pw, line, sizeof(line)) != 0) { |
secure_filename(f, file, pw, line, sizeof(line)) != 0) { |
| xfree(file); |
xfree(file); |
| fclose(f); |
fclose(f); |
| log("Authentication refused: %s", line); |
log("Authentication refused: %s", line); |
| packet_send_debug("Authentication refused: %s", line); |
|
| restore_uid(); |
restore_uid(); |
| return 0; |
return (0); |
| } |
} |
| /* Flag indicating whether authentication has succeeded. */ |
|
| authenticated = 0; |
|
| |
|
| |
/* Flag indicating whether the key is allowed. */ |
| |
allowed = 0; |
| |
|
| key = key_new(KEY_RSA1); |
key = key_new(KEY_RSA1); |
| |
|
| /* |
/* |
|
|
| if (!auth_parse_options(pw, options, file, linenum)) |
if (!auth_parse_options(pw, options, file, linenum)) |
| continue; |
continue; |
| |
|
| /* Perform the challenge-response dialog for this key. */ |
/* break out, this key is allowed */ |
| if (!auth_rsa_challenge_dialog(key->rsa)) { |
allowed = 1; |
| /* Wrong response. */ |
|
| verbose("Wrong response to RSA authentication challenge."); |
|
| packet_send_debug("Wrong response to RSA authentication challenge."); |
|
| /* |
|
| * Break out of the loop. Otherwise we might send |
|
| * another challenge and break the protocol. |
|
| */ |
|
| break; |
|
| } |
|
| /* |
|
| * Correct response. The client has been successfully |
|
| * authenticated. Note that we have not yet processed the |
|
| * options; this will be reset if the options cause the |
|
| * authentication to be rejected. |
|
| * Break out of the loop if authentication was successful; |
|
| * otherwise continue searching. |
|
| */ |
|
| authenticated = 1; |
|
| |
|
| fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
|
| verbose("Found matching %s key: %s", |
|
| key_type(key), fp); |
|
| xfree(fp); |
|
| |
|
| break; |
break; |
| } |
} |
| |
|
|
|
| xfree(file); |
xfree(file); |
| fclose(f); |
fclose(f); |
| |
|
| key_free(key); |
/* return key if allowed */ |
| |
if (allowed && rkey != NULL) |
| if (authenticated) |
*rkey = key; |
| packet_send_debug("RSA authentication accepted."); |
|
| else |
else |
| |
key_free(key); |
| |
return (allowed); |
| |
} |
| |
|
| |
/* |
| |
* Performs the RSA authentication dialog with the client. This returns |
| |
* 0 if the client could not be authenticated, and 1 if authentication was |
| |
* successful. This may exit if there is a serious protocol violation. |
| |
*/ |
| |
int |
| |
auth_rsa(struct passwd *pw, BIGNUM *client_n) |
| |
{ |
| |
Key *key; |
| |
char *fp; |
| |
|
| |
/* no user given */ |
| |
if (pw == NULL) |
| |
return 0; |
| |
|
| |
if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) { |
| auth_clear_options(); |
auth_clear_options(); |
| |
return (0); |
| |
} |
| |
|
| /* Return authentication result. */ |
/* Perform the challenge-response dialog for this key. */ |
| return authenticated; |
if (!auth_rsa_challenge_dialog(key)) { |
| |
/* Wrong response. */ |
| |
verbose("Wrong response to RSA authentication challenge."); |
| |
packet_send_debug("Wrong response to RSA authentication challenge."); |
| |
/* |
| |
* Break out of the loop. Otherwise we might send |
| |
* another challenge and break the protocol. |
| |
*/ |
| |
key_free(key); |
| |
return (0); |
| |
} |
| |
/* |
| |
* Correct response. The client has been successfully |
| |
* authenticated. Note that we have not yet processed the |
| |
* options; this will be reset if the options cause the |
| |
* authentication to be rejected. |
| |
*/ |
| |
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
| |
verbose("Found matching %s key: %s", |
| |
key_type(key), fp); |
| |
xfree(fp); |
| |
key_free(key); |
| |
|
| |
packet_send_debug("RSA authentication accepted."); |
| |
return (1); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth-rsa.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh